A system for application access control is disclosed. First, a business coordinator needs to register a user developed tool (UDT) containing an application to be protected with the system via a software program. After registration, a random encrypted password is generated by the application access control server and stored in its back-end database as well as a local break-glass database corresponding to the UDT. When an entitled user accesses the application in the registered UDT later on, the system will check whether he/she is entitled to access the requested application. If yes, the system will retrieve the encrypted password for that application and thus launch the application.
Claims as filed with the USPTO:
1. A method for controlling a user's access rights to protected and access-required application in a computer system, comprising: (a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program; (b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server; (c) entering the user's identification, the single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility; (d) checking whether the user is authorized to access the protected and access-required application by the application access control server; and (e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the application by the application access control server if confirmed that the user is authorized to access the protected and access-required application.
2. The method of claim 1, further comprising: (f) verifying whether the user developed tool is properly registered and thus protected.
3. The method of claim 1, wherein the protected and access-required application comprises databases, software, documents, or presentation materials.
4. The method of claim 1, wherein the user developed tool is a functional carrier of the protected and access-required application grouped in a network shared drive, and grouped by lines of business, departments, or application owners.
5. The method of claim 1, wherein the break-glass database is a database containing the randomly-generated and encrypted passwords corresponding to the protected and access-required application in the user developed tool, and is housed local to the user developed tool.
6. The method of claim 1, wherein the single sign-on password is a centrally managed password used for logging into the computer system for general purposes.
7. The method of claim 1, wherein the centralized application access authentication facility comprises an engine controlling and implementing an access authentication process.
8. A method for controlling a user's access rights to protected and access-required applications in a computer system, comprising: registering the protected and access-required application with the computer system to activate protection on the protected and access-required application via a software program; creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server; entering the user's identification, the single sign-on password, and identification of the protected and access-required application in an access launcher, to login to an application access authentication facility; checking whether the user is authorized to access the protected and access-required application by the application access control server; and retrieving the randomly-generated and encrypted password, decrypting the randomly-generated and encrypted password and using the decrypted randomly-generated password to launch the protected and access-required application by the application access authentication facility if confirmed that the user is authorized to access the protected application.
9. The method of claim 8, wherein the protected and access-required application comprises databases, software, documents, or presentation material.
10. The method of claim 8, wherein the single sign-on password is a centrally managed password used for logging into the computer system for general purposes.
11. The method of claim 8, wherein the application access authentication facility comprises an engine controlling and implementing an access authentication process.
12. A computer security system for controlling a user's access rights to protected and access-required applications in a computer system whenever the user accesses the protected and access-required applications and thus ensuring that the protected and access-required applications are accessed by authorized users, comprising: a computer server, comprising a processor and memory, for controlling and implementing an authentication process for a user to access the protected and access-required applications; a first module for randomly generating and encrypting passwords for the protected and access-required applications in configured mechanisms; user developed tools for housing the protected and access-required applications in a network shared drive; break-glass databases for housing the randomly-generated and encrypted passwords corresponding to the protected and access-required applications in the user developed tools; back-end databases for housing the randomly-generated and encrypted passwords; a second module for registering the user developed tools housing the protected and access-required applications to activate protection on the user developed tools and the protected and access-required applications; and a third module for accessing the protected and access-required applications via authenticating whether a user is authorized to access the protected and access-required applications, retrieving the encrypted passwords from the break-glass databases, decrypting the encrypted passwords, and using the decrypted passwords to launch the protected and access-required applications.
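The abstract and claims describe one procedure: register a user developed tool (UDT), generate a random password per protected application and store it encrypted in both a local break-glass database and the server's back-end database, then at launch time authenticate the user through the centralized single sign-on facility, check the entitlement, and decrypt the stored password only if the check passes. The following is an added, stand-alone model of that flow in Python; it is not code from the patent or its assignee. The class and function names (`AccessControlServer`, `SsoFacility`, `encrypt_password`, `decrypt_password`), the choice of an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC as the "configured mechanism" for encryption, the PBKDF2 credential store for SSO, and the sample UDT and user names are all assumptions made for illustration; the patent does not specify any of them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(master_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the server's master key (assumption).
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream; an illustrative stand-in for the
    # unspecified "configured mechanism" of claim 1(b).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_password(master_key: bytes, password: bytes) -> bytes:
    # Encrypt-then-MAC layout: nonce || ciphertext || tag.
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(password))
    ct = bytes(p ^ k for p, k in zip(password, ks))
    tag = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_password(master_key: bytes, blob: bytes) -> bytes:
    # Verify the tag before touching the ciphertext so a tampered break-glass
    # or back-end record is rejected rather than decrypted to garbage.
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored password blob failed its integrity check")
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class SsoFacility:
    """Centralized application access authentication facility (hypothetical model)."""

    def __init__(self):
        self._creds = {}  # user id -> (salt, PBKDF2 hash of the single sign-on password)

    def enrol(self, user: str, sso_password: str) -> None:
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, hashlib.pbkdf2_hmac("sha256", sso_password.encode(), salt, 50_000))

    def authenticate(self, user: str, sso_password: str) -> bool:
        if user not in self._creds:
            return False
        salt, stored = self._creds[user]
        candidate = hashlib.pbkdf2_hmac("sha256", sso_password.encode(), salt, 50_000)
        return hmac.compare_digest(stored, candidate)


@dataclass
class LaunchResult:
    udt: str
    app: str
    password: str  # decrypted random password handed to the launcher, never to the user


class AccessControlServer:
    def __init__(self, master_key: bytes, sso: SsoFacility):
        self._key = master_key
        self._sso = sso
        self.backend_db = {}       # (udt, app) -> encrypted password blob
        self.break_glass_dbs = {}  # udt -> {app: encrypted password blob}, local to that UDT
        self.entitlements = {}     # user -> set of (udt, app)

    def register_udt(self, udt: str, apps) -> None:
        # Steps (a) and (b): register the UDT and create one random password per
        # protected application, stored in both databases in encrypted form.
        local_db = {}
        for app in apps:
            password = secrets.token_urlsafe(24)
            blob = encrypt_password(self._key, password.encode())
            self.backend_db[(udt, app)] = blob
            local_db[app] = blob
        self.break_glass_dbs[udt] = local_db

    def entitle(self, user: str, udt: str, app: str) -> None:
        self.entitlements.setdefault(user, set()).add((udt, app))

    def launch(self, user: str, sso_password: str, udt: str, app: str) -> LaunchResult:
        # Step (f) of claim 2: refuse anything that was never registered.
        if app not in self.break_glass_dbs.get(udt, {}):
            raise PermissionError(f"{udt}/{app} is not a registered, protected application")
        # Step (c): single sign-on login through the centralized facility.
        if not self._sso.authenticate(user, sso_password):
            raise PermissionError("single sign-on authentication failed")
        # Step (d): entitlement check by the access control server.
        if (udt, app) not in self.entitlements.get(user, set()):
            raise PermissionError(f"{user} is not entitled to {udt}/{app}")
        # Step (e): retrieve and decrypt the stored password only after all checks pass.
        password = decrypt_password(self._key, self.backend_db[(udt, app)]).decode()
        return LaunchResult(udt, app, password)
```

The ordering inside `launch` is the point of the model: registration, authentication and entitlement are each checked before the encrypted password is read, so a caller who fails any of them never causes a decryption, and the same blob is written to the break-glass copy and the back-end copy so either store can serve claim 12's third module. Because the blob carries an integrity tag, a modified break-glass record is rejected with `ValueError` instead of yielding a wrong password.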
January 11, 2012
March 25, 2014